
How safe are WiFi modules/devices for use in security systems or even IoT?

How effective are dictionary and brute-force attacks in cracking WPA2? Online tutorials I've seen such as this claim to be able to crack passwords in a matter of minutes using the GPU.

If I were to include WiFi in a security or IoT system, would using a very complicated SSID and passphrase, which would be changed regularly, keep me safe from attacks like those?

user942937
  • Please read carefully what this article claims. To cite: *"I will show Dictionary attack as almost 20% (that’s 1 in every 5) AP’s will have a __standard dictionary password.__"*. Thus if you use a common password found in dictionaries it is easy to brute force. If you follow the advice which is true for all kinds of password to not use a common or easy to guess password then the attack will not work. And security of WPA is unrelated to the SSID you choose, it depends on the quality of the password. – Steffen Ullrich Jul 05 '19 at 05:48
  • I would consider 802.1X wireless authentication using EAP-TLS which avoids this issue completely. You may find additional benefits for enrolling for and issuing a certificate to the IoT device - including authentication to cloud systems or storage of sensitive data, especially if a TPM is available for key storage. – Andrew Jul 09 '19 at 09:43

2 Answers


A complicated SSID does not determine the security strength of your network. However, the password complexity would decrease the time cracking the encryption key. I have been doing loads of GPU cracking attacks on WPA2. With a single and decent GPU I was able to go through the famous rockyou.txt wordlist (14 344 392 passwords) within an hour. Imagine the speed if the attacker rented a password cracking machine. These are not too expensive and are actively being used by attackers. A long passphrase with the use of upper, lower, special characters and numbers would mitigate the risk of being cracked significantly.

ErikDM
  • WPA2 security is affected by ESSID to a limited extent in that the ESSID is used as a salt, so a common one makes you vulnerable to rainbow table attacks. You can download plenty of rainbow tables for routers named "linksys" that won't work for a router named "beach house network 491". – forest Jul 09 '19 at 10:12
  • @ErikDM: Hi. Thanks for answering. I'm assuming passwords found in dictionaries are existing words or differing combinations thereof. What about passwords made up of combinations of letters, numbers, and symbols? How effective is brute-force + GPU on passwords like that? – user942937 Jul 12 '19 at 02:22
  • Yes @user942937, that is correct. If you create a large string with a variety of upper and lowercase letters, numbers and special characters - it would indeed increase the cracking time significantly. It is also possible to mangle the original wordlist with Hashcat when cracking, to add numbers before/behind the password in the dictionary, change it to 1337speak, concatenate words and so forth. Generating a completely random string based on the criteria you mentioned will generate a strong password. Remember to have a good length, and use upper/lowercase letters. – ErikDM Jul 12 '19 at 06:09

> How effective are dictionary and brute-force attacks in cracking WPA2?

WPA2 hashes passwords using 4096 iterations of PBKDF2-HMAC-SHA1. This is not a lot, and there is plenty of GPU-accelerated password cracking software that can guess millions of WPA2 passwords per second, and sometimes more. If your password is not strong, then it's absolutely possible that it can be quickly broken by a dictionary or brute force attack, or a hybrid of the two.

> If I were to include WiFi in a security or IoT system, would using a very complicated SSID and passphrase, which would be changed regularly, keep me safe from attacks like those?

A complicated password would keep you safe from password cracking attacks, but a complicated SSID would not have much of an impact on your router security. It might be interesting to note, though, that it does have some effect for people who use weak passwords. For some reason, WPA2 uses the SSID as the password salt. A common or predictable SSID makes rainbow table attacks possible, meaning:

  1. An attacker can attempt to crack multiple passwords at once if the SSIDs are the same.

  2. An attacker can use precomputation to speed up cracking by trading space for speed.

There are places you can download rainbow tables for specific, common router names that could not be used to attack a router with a different SSID. A strong password renders these above issues moot.

Glorfindel
forest
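The key derivation described in the answer above, as an added example that is not part of the original answers: it derives the WPA2 key with the SSID as salt, then compares passphrase policies by keyspace size. The guess rate of one million per second and the sample policies are assumptions chosen for illustration; the two SSIDs are the ones mentioned in the comments.

```python
import hashlib
import math

WPA2_ITERATIONS = 4096  # iteration count stated in the answer above
PMK_BYTES = 32          # WPA2 pairwise master key is 256 bits

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), WPA2_ITERATIONS, PMK_BYTES)

def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a uniformly random passphrase."""
    return length * math.log2(alphabet_size)

def seconds_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time to try every passphrase of this shape at a given guess rate."""
    return alphabet_size ** length / guesses_per_second

if __name__ == "__main__":
    # Same passphrase, different SSIDs: the salt changes the key, so a table
    # precomputed for one network name is useless against another.
    for ssid in ("linksys", "beach house network 491"):
        print(f"{ssid!r:28} {wpa2_pmk('correct horse', ssid).hex()[:16]}...")

    RATE = 1_000_000  # assumed guesses/second ("millions per second" in the answer)
    YEAR = 365 * 24 * 3600
    policies = [  # constructed examples: (description, alphabet size, length)
        ("8 digits", 10, 8),
        ("8 lowercase letters", 26, 8),
        ("12 letters and digits", 62, 12),
        ("20 printable ASCII", 95, 20),
    ]
    for name, alphabet, length in policies:
        years = seconds_to_exhaust(alphabet, length, RATE) / YEAR
        print(f"{name:24} {keyspace_bits(alphabet, length):6.1f} bits  {years:.3g} years")
```

The figures only hold for passphrases drawn uniformly at random; a human-chosen passphrase that appears in a wordlist falls far sooner than its length suggests.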